Web enumeration involves systematically extracting detailed information about a target web application, including its structure, functionality, and underlying technologies.
Sitemaps: Provide a hierarchical view of the pages within a web application, useful for understanding the structure and navigation of the site.
Usage: Many web applications include a sitemap (usually accessible as /sitemap.xml). Tools like web crawlers can also generate sitemaps.
Testssl.sh (CLI-based): Tests TLS/SSL encryption strength and vulnerabilities in web servers.
./testssl.sh example.com                      # General test of the SSL/TLS of a web server.
./testssl.sh --vulnerable example.com         # Checks for known vulnerabilities.
./testssl.sh --protocols example.com          # Tests supported protocols.
./testssl.sh --headers example.com            # Checks security headers.
./testssl.sh --cipher-per-proto example.com   # Lists ciphers per protocol for the target.
Nmap for Cipher Strength: Besides its primary function as a network scanner, Nmap can be used to test SSL/TLS cipher strength.
nmap --script ssl-cert,ssl-enum-ciphers -p 443 example.com   # Enumerates SSL/TLS ciphers and certificate details.
nmap --script ssl-known-key -p 443 example.com               # Checks whether the certificate matches a database of known-bad keys.
nmap --script ssl-date -p 443 example.com                    # Reads the server's date and time from the TLS handshake and reports the offset from local time.
nmap --script ssl-dh-params -p 443 example.com               # Shows Diffie-Hellman parameters and flags weak ones.
nmap --script ssl-heartbleed -p 443 example.com              # Tests for the Heartbleed vulnerability.
Checking HTTP Headers: Analyzing HTTP response headers for security settings, server types, and other valuable information.
Usage: Browser developer tools or command-line tools like curl -I http://example.com can be used to view headers.
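The header check described above can be scripted. The following is an added example, not part of the original page: a shell function that reads response headers (as printed by curl -sI) on stdin and reports missing security headers, version-disclosing headers, and weak values. The function name, the sample response, and the 180-day HSTS threshold are assumptions made for this example.

```shell
#!/usr/bin/env bash
# audit_headers: read raw HTTP response headers on stdin, print one finding per line.
audit_headers() {
  tr -d '\r' | awk '
    BEGIN {
      split("strict-transport-security content-security-policy x-content-type-options x-frame-options referrer-policy", req, " ")
      split("server x-powered-by", leak, " ")
    }
    # Header lines are "Name: value"; names are case-insensitive.
    /^[A-Za-z0-9-]+:/ {
      name = tolower(substr($0, 1, index($0, ":") - 1))
      value = substr($0, index($0, ":") + 1)
      sub(/^[ \t]+/, "", value)
      seen[name] = value
    }
    END {
      for (i = 1; i in req; i++)
        if (!(req[i] in seen)) print "MISSING " req[i]
      for (i = 1; i in leak; i++)
        if (leak[i] in seen) print "DISCLOSES " leak[i] ": " seen[leak[i]]
      # HSTS with a short max-age gives little protection.
      # 15552000 s (180 days) is an assumed policy threshold.
      if ("strict-transport-security" in seen) {
        v = tolower(seen["strict-transport-security"])
        if (match(v, /max-age=[0-9]+/)) {
          age = substr(v, RSTART + 8, RLENGTH - 8) + 0
          if (age < 15552000) print "WEAK strict-transport-security max-age=" age
        } else print "WEAK strict-transport-security no max-age"
      }
      if (("x-content-type-options" in seen) && tolower(seen["x-content-type-options"]) != "nosniff")
        print "WEAK x-content-type-options: " seen["x-content-type-options"]
    }'
}

# Constructed sample response (not captured from a real host).
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3
Strict-Transport-Security: max-age=3600
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8'

# Live use against a site you administer: curl -sI https://example.com | audit_headers
printf '%s\n' "$SAMPLE_HEADERS" | audit_headers
```

Each MISSING or WEAK line maps to a header to add or tighten in the web server configuration; each DISCLOSES line is a banner that can be suppressed.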
Uniscan: A simple remote file, directory, and web structure enumerator.
Wmap: A web application vulnerability scanner, often used within the Metasploit Framework.
Note: Integrated within Metasploit. Wmap is used to gather and store information about web applications and then identify vulnerabilities.
nmapAutomator (CLI-based): A script that automates the scanning process with Nmap and other tools.
./nmapAutomator.sh example.com Quick     # Conducts a quick scan of the target.
./nmapAutomator.sh example.com Network   # Performs a detailed network scan.
./nmapAutomator.sh example.com Vuln      # Runs vulnerability scanning on the target.
./nmapAutomator.sh example.com Recon     # Gathers detailed reconnaissance information.
./nmapAutomator.sh example.com Full      # Executes a full range of scans (Quick, Network, and Vuln).
AutoRecon (CLI-based): An automated reconnaissance tool that performs numerous scans and enumeration while being efficient.
autorecon example.com                      # Performs a full reconnaissance scan on the target.
autorecon -vv example.com                  # Runs the scan in very verbose mode.
autorecon -o /path/to/output example.com   # Specifies the output directory for scan results.
autorecon --single-target example.com      # Scans a single target.
autorecon --only-scans-dir example.com     # Creates only the "scans" results directory (no exploit, loot, or report directories).